Who controls the internet? Ted Cruz's fantasy vs. the reality
LatestIn June, Senator Ted Cruz released a video declaring that President Obama is on the verge of “giving the internet away” to Iran, Russia and China. The video deploys an appropriately menacing soundtrack, some cyber-spooky glitch effects, and the threat of a “mini UN” taking over our beloved bastion of free speech and free enterprise—unless Congress acts before a deadline of September 30. Cruz upped the drama last week, in preparation for Congress returning from summer vacation, by launching a countdown clock on his website.
Cruz’s belief that the government owns the internet enough to give it away is flawed, but the confusion is understandable—even highly competent internet users are unaware of the complex systems and institutions that make their day-to-day experience of the internet work seamlessly. And it’s such a vast, complicated thing that one might assume that somewhere there has to be a point of control to the internet, a kill switch, someone or something in charge of the whole thing.
And yes, there are plenty of companies and governments angling to be the ones with that control switch in some form. Facebook’s probably the most aggressive in its pursuit of that title, seen in efforts like Internet.org’s benevolent distribution of Facebook to the developing world.
But “control” over the entirety of the internet is a concept based on a broken understanding of what the internet is and what it’s become since the first packet switches were installed in UCLA labs in 1969. And the grave “giveaway” of control that Cruz has introduced legislation to prevent is less a malevolent conspiracy and more a matryoshka of internet history and political theater, mostly revolving around a small but crucial part of the internet: domain names. To understand how we got to a place where conservatives are warning that the U.S. is about to “give away the internet,” we need to understand who, exactly, they think controls the internet: a California nonprofit known as ICANN.
ICANN was created in 1998 at the behest of the Department of Commerce. ICANN (full name: Internet Corporation for the Assignment of Names and Numbers) has a few important jobs, but there are two that are crucial to keeping the internet running: It distributes blocks of IP addresses, which allow people to get on the internet and put stuff there, and it runs the root server for the Domain Name System (DNS), which is the central directory structure that allows people to find stuff on the internet. Those two tasks are mainly performed by an organization within ICANN called IANA (the Internet Assigned Numbers Authority), which ICANN manages per a contract with the Commerce Department.
ICANN’s contract with the Commerce Department has been renewed a few times over the last 18 years, but on September 30, it’s set to finally expire. When that happens, ICANN will keep doing the super-important things it does to keep the internet running smoothly, they just won’t officially do it for the U.S. government. The transition away from government oversight began two years ago, following post-Snowden outcry from countries like Brazil about US influence and perceived control of the internet.
Depending on who you ask, the end of the contract means control of the internet as we know it is going to be lost forever to oppressive governments, is about to continue to be in the hands of a puppetmaster oppressive government, or is about to enter a bold new chapter of governance in which control is truly in the hands of the entire community of internet users around the world. After immersing myself in the acronyms and ancient customs of the internet governance world, I concluded that none of these various forecast futures are entirely correct. However, all of them speak to a public yearning for a narrative in which the internet is and could be easily defined, owned, and controlled.
ICANN emerged at a time when it might have been possible to argue that the internet was controlled, not by a shadowy NGO or corporations, but by a bunch of computer scientists and researchers who’d been basically building the internet since the early 1970s. This was an internet that still had a capital I because it seemed significantly separate from most people’s day-to-day lives. Being offline was the norm, not the presumed exception. The people who were online were a fairly small, tightly-knit community of mostly academics and researchers who were essentially building the internet as they went along.
One part of the internet they built was DNS, that method for assigning domain names to IP addresses—DNS is why you can type “google.com” instead of 216.58.212.238. Like many core internet protocols, DNS doesn’t lend itself to concise explanations (lucky for you, DNSimple made a nice comic book about it), but for this story the important thing to understand is that at its heart there’s a root zone file, which is basically a database for every existing top-level domain (the end part of the domain, i.e. .com, .net, or the recently added and literally greatest top-level domain in existence .horse).
IANA manages and maintains that file. This is part of where the “control” myth starts—the root zone is the heart of the internet’s global address book, and if it stopped working it’d be a hell of a lot harder to find things online. One of the reasons ICANN ends up at the eye of the “controlling the internet” storm is that, well, there isn’t anything else quite like it—there are internet governance groups, sure, and standards bodies, but there isn’t any other coherent organization attending to centralized infrastructure (or doing so with such political pomp and circumstance).
Before the creation of ICANN, in the 1980s and into the 1990s, IANA amounted to basically two people: internet history luminaries Jon Postel and Joyce Reynolds, who worked at USC’s Information Sciences Institute under contract to DARPA (Postel tends to be lionized in these histories more frequently than Reynolds, in part because his legacy on internet history extends into the earliest beginnings of the ARPANet and the development of core internet and email protocols. But this wouldn’t be a tech history story without a sidelined woman behind the scenes! I digress.).
A popular joke among cynical members of the internet governance community is that ICANN is an ongoing experiment to see just how many lawyers and PR staffers can be employed to carry out a task that used to require just two part-time engineers. And, frankly, it is pretty remarkable that over the course of the past eighteen years, an entity that Postel once referred to in Congressional testimony as a “side task” now requires an apparatus with 357 full-time staffers and offices in 8 countries.
But that cynicism ignores all the political kudzu that rapidly ensnared Postel and Reynolds’ “side task” as the internet stopped being a community of like-minded computer scientists and started including companies, other countries, and other nontechnical users. Before all the newbs showed up, the task of building the technical and infrastructural foundations of the internet and the web belonged to semi-informal, technically-minded groups like the Internet Engineering Task Force and the World Wide Web Consortium. These groups defined the protocols and standards that remain the foundation of today’s very different, commercially-charged internet, and they did so in a collegial environment—everyone knew each other, and everyone shared similar technical goals. Even today, the IETF prides itself on its belief in what engineer David Clark called “rough consensus and running code.”
“Literally, half of them, people like Steve Crocker, Jon Postel, Vint Cerf, went to the same high school in Southern California. They knew each other very well, they trusted each other,” explained Milton Mueller, a Professor at the Georgia Institute of Technology’s School of Public Policy and longtime researcher of internet governance. “They had built something that, obviously, was very important, and they all deserved an enormous amount of credit for their expertise, and for their governance capabilities, in terms of setting up standards organizations. But when [the internet] got so big and so important that conflicts over political power and wealth started coming in, they really resented it.”
A lot of those early concerns were wrapped up in top-level domains—a pragmatic design choice that, to IANA’s great annoyance, quickly became a political one. Translating IP addresses into words means selecting words. Technologists aren’t that concerned with what lies on the other side of the veil of language, but governments and corporations sure are.
Thanks to a design decision that put URLs front and center in early browser design, domain names were quickly transformed from merely a workaround for the limitations of human memory into valuable internet real estate. The market for this new real estate was initially controlled by a single private company called Network Solutions. Between 1991 and 1999, Network Solutions (today called Verisign) had a complete monopoly on the sale of .com, .org, and .net domain names as a result of taking a federal government contract to maintain the root server. (Verisign still is the primary seller of .com domains.) In 1995, the same year it was acquired by defense contractor SAIC, Network Solutions began to charge for domain name registrations—prior to that domains were actually free if you were willing to go through some rigamarole to register them. Because Network Solutions was the only game in town for a domain and most people still didn’t really understand what a domain was actually worth, it was able to do things like charge $100 for two years of registration for a .com domain.
The Network Solutions monopoly created understandable concern among civil society and consumer interest groups, as well as frustration from rival aspiring domain registrars. Around 1995 and 1996, a handful of entrepreneurs that wanted to have their own top-level domains started running independent root servers, facilitating the possibility of a splintered, secessionist internet in the process. So you could, technically, buy a .biz domain as early as 1995—but you’d have to reconfigure your DNS to be able to access those domains, and as a result you might not be able to connect to .com domains. To the alternative domains business, IANA and the technical community were a closed-off, elitist group stifling marketplace innovation. To the technical community, these companies were reckless opportunists who wanted to fragment the internet.
In one case, that recklessness went as far as quite literal marketplace disruption. In 1997 Eugene Kashpureff, the operator of Network Solutions rival AlterNIC, took advantage of a security hole that made it possible for him to redirect users trying to visit the Network Solutions website to his own, where he’d posted a protest message. (Kashpureff ultimately paid a fine for his actions and was later charged by the FBI for engaging in wire fraud.)
Between legal challenges to the Network Solutions monopoly, agitated rival nameservers, and corporations fighting tooth and nail over domain squatting when savvy internet users snagged domains like coke.com, it became increasingly difficult for Postel to continue employing his preferred method of settling IANA disputes—deferring responsibility and getting parties to settle disagreements amongst themselves.
Following a few different efforts by groups like the nonprofit Internet Society and the U.N.’s International Telecommunications Union (ITU) to come up with self-governing regulation for top-level domains and IANA operations, the US government realized if it continued to benignly neglect the network it had largely funded, it might lose any oversight role. The internet was considered too new and too important for that (not to mention Network Solutions was lobbying too many politicians to save their monopoly), so in 1998 some policy recommendation black magic led to ICANN being summoned into existence, a non-governmental chimera serving the needs of the global internet technically under contract to the US government.
ICANN’s birth coincided with the death of the illusion of a single “internet community” that could be served purely by rough consensus and running code. It was when “the geeks lost control of the thing,” said Andrew Sullivan, a member of the Internet Architecture Board (IAB). And it’s when the security problems really started. On an internet where everyone knows everybody else, “if somebody really misbehaves, you just threw them off the network,” said Sullivan. “You can’t do that anymore… We’ve been playing catch-up ever since.”
This historical moment is one that the internet loves to repeat. It’s a familiar narrative in most of the major conflicts of giant platform companies today. In the aughts, during the “move fast and break things” era in which Web 2.0 and social media emerged, a relatively homogenous community (of mostly white male engineers) functioned effectively by setting their own norms, often with an emphasis on free speech. When issues of scale, revenue, and user needs like safety and privacy emerged, a lot of those scrappy little teams at Facebook and Twitter were utterly flat-footed or downright dismissive of having to meet the needs and expectations of people not like them, people with different goals and different social norms.
A typical internet user would be understandably confused to hear it’s ICANN and not these monolithic companies that “control” the internet. After all, how important are domain names in an era where more and more internet traffic is to mobile apps, not visiting websites in a browser—and when more and more traffic to websites in a browser is coming from social media apps? How many people even type in URLs anymore, preferring to use Google as a sort of algorithmic DNS? ICANN may control the mechanisms behind a website’s domain name, but Facebook and Google control the mechanisms that lead users to even finding that website. And unlike a psuedo-governmental body like ICANN, there isn’t really a place to air those grievances and demand accountability or change to platforms other than, well, on the platforms themselves (or, uh, hot takes on news sites aggressively optimizing for social media).
The frustration at today’s platforms is compounded by the absence of any single regulatory framework or intergovernmental body for holding them accountable—at the moment, accountability for companies like Facebook and Google takes the form of a bricolage of lawsuits in different jurisdictions. When I asked Steve Crocker about the tendency to pin “control” of the internet on ICANN, he pointed to this reality—there are a lot of problems with the internet that are far from ICANN’s purview, and no single governing body to point them toward.
“The lack of something as concrete as ICANN, like a ‘go down the hall to window twenty-five’ type of answer—the fact that does not exist creates this vacuum and dissatisfaction,” he said. Lacking that, ICANN has become the “pawn of the decade,” said Crocker. “It’s an available target to use when [governments] really are concerned about North versus South and East versus West, and haves versus have-nots, and all of the conflicts that are inherent in the world becoming flat.”
That ICANN exists essentially as a non-governmental extension of the US government has understandably annoyed many foreign governments. It also makes a fair amount of money attending to this highly political infrastructure; it earns a fraction of all domain name sales and collects hefty fees from applicants for new top-level domains. Its May 2016 990 form shows around $219 million in revenue. Among its expenses are semi-theatrical displays meant to demonstrate what it means to “run the internet” (such as the “seven keys” ceremony) and its public meetings, which take place in different locations around the world three times a year and could be easily mistaken for a highly pedantic live-action role playing game in which acronyms are hurled like spells.
To get an idea of what “running the internet” entails, here’s a sample of the topics contemplated at last summer’s public meeting in Helsinki: Defining the charter for an as-yet unformed group that will decide what to do with the proceeds from selling the new top-level domain auction proceeds (when multiple companies want to acquire the same top-level domain, they have to duke it out in an auction to acquire it rather than paying ICANN’s registration fee—you can go see some of the auction results on the ICANN website to get a sense of which TLDs people are fighting over). This wasn’t a session about deciding what to do with the money; it was literally just discussing making a charter for someone else to decide. Another session discussed the possibility of three-character (as opposed to two-character) country codes as top-level domains (Just what are the implications of introducing .deu as a top-level domain? Reader, they are far greater than you’d ever think). And, best of all, there was a session devoted to a Draft Framework of Principles for Future Cross Community Working Groups. In case that wasn’t clear: there’s a group to write a framework for how groups work.
The transition plan for moving ICANN out of US government oversight heavily emphasizes preserving this culture of meetings and consensus decision-making, known in ICANN as “the multistakeholder model”—it’s considered core to ICANN’s identity and operations. There is something vaguely hopeful and kind of endearing about that in a year marked by Western countries retreating into recalcitrant, xenophobic politics and backlash to globalization reaching a fever pitch. The idea that an organization central to the maintenance and operations of the internet runs on an overwhelmingly open consensus-driven governance model is kind of remarkable.
The meetings and their weird minutiae are a necessary part of this. Translation and transparency, or efforts at both, are another. Almost all ICANN meetings and calls are open to the public, and recordings and transcriptions of those public sessions are archived online, usually along with relevant slides and video. At the meetings, a massive apparatus for real-time translation and transcription provides non-native English speakers with French, Spanish, Arabic, Russian, and Chinese versions of the proceedings.
But the sheer volume of minutely documented and archived process within ICANN produces a weird, if unintentional, sleight of hand, one that is familiar to anyone who’s dealt with any large “open” institution, be it a government or open source software projects. At a certain scale and scope, radical transparency becomes a means of achieving near-total inscrutability. Concepts and policies hide behind jargon, jargon hides behind footnotes explaining jargon, footnotes are full of new jargon rabbit-holes to leap through in some dizzying political mash-up of House of Leaves with House of Cards. To tell someone it’s easy to figure out how ICANN works and what the organization “really” does by offering them hundreds of pages of PDFs on their website is a little disingenuous, no matter how many languages those PDFs are available in.
And perhaps this deluge of minutiae is how it should be—a certain amount of tedium is often a feature of democracy, not a bug. Try to map out the workings of the U.S. Congress and you’ll run into an equal volume of acronyms, procedural theater, and bureaucratic opacity. And without all that tedium to buffer what amounts to basic database maintenance, ICANN wouldn’t be able to make the case that it can oversee those basic tasks without government involvement.
When the actual transition process began, the government asked ICANN to propose a new model for its post-contract existence, and they made some stipulations about what that proposal required. Their requests included the following:
- “Support and enhance the multistakeholder model” (i.e., keep having all the meetings about Cross Community Metajargon)
- “Maintain the security, stability, and resiliency of the Internet DNS” (the reason everyone seems to think ICANN “controls” stuff)
- “Meet the needs and expectation of the global customers and partners of the IANA services” (keep doing your job, although a more cynical read on this might be “keep being good to the private sector”)
- Maintain the openness of the Internet (which, you’d think this part would make Ted Cruz less grouchy)
(Note the capitalized I.)
These are all relatively benign-sounding requests that aren’t particularly controversial to implement, but one expectation in the document is fairly politically loaded. In its request for a proposal, the NTIA said it would reject any proposal that introduced either a government-led or intergovernmental organization into IANA’s operations. This sticking point is essentially directed at any actors who’d like to see ICANN behave more like the United Nations (who, to be fair to Ted Cruz, do exist). The NTIA’s position is, essentially, that the end of its contract with ICANN should lead to no authoritative role for government in the operations of the internet, and that option is preferable to giving all governments equal authoritative influence.
The stipulation to keep ICANN from resembling the UN is the reason that for the purposes of the transition, ICANN will continue to operate as a California nonprofit under US law. While this fact presumably should make Ted Cruz feel a lot more reassured, plenty of countries involved in ICANN’s Government Advisory Committee (GAC) and non-American actors in the ICANN community consider this a really troubling jurisdiction issue—why does the organization have to continue to be US-based and operated if it serves a global community? This concern, while valid, seems less a matter of government influence than corporate influence. It’s not really the U.S. government that wants to keep an eye and have a degree of influence on what ICANN does—it’s American companies like Verisign and Google.
The transition plan also introduces new accountability frameworks. When a substantial enough contingent of the acronym army of committees express concern with an issue, 29 members of those different committees will gather, in a body the transition plan calls the “Empowered Community.” It’s not a new legal entity or a formal board, exactly—basically, it’s like an accountability Voltron, formed when called upon. The Voltron can do things like reject proposals for or changes to ICANN budgets and bylaws, approve changes to bylaws, and recall board members or, in a more extreme scenario, recall the entire ICANN board.
This is where, theoretically, it might be possible for governments to push for more authority and influence or “takeover”—maybe if Russia and China did enough politicking they could lift that US jurisdiction rule. But because a big part of the multistakeholder miasma is using consensus over voting, the Government Advisory Committee would basically have to have unanimous agreement to even push forward a proposal for a change. Based on watching representatives of Iran and the United States argue over the exact meaning and use of the phrase “to the fullest extent possible” in a collectively written advisory document at the last ICANN meeting, that kind of unanimous consensus seems pretty rare and hard-won, which makes the prospect of a unanimous agreement to push ICANN out of US jurisdiction pretty unlikely.
Even severe worst-case scenarios—say, countries like China and Russia getting fed up with ICANN’s policies and creating a parallel root server system, further fragmenting the internet—didn’t seem particularly realistic (although such a statement feels risky given that 2016 has been the year of All Unlikely Political Things Being Possible). It’s a lot easier to censor specific sites at lower, more nationally-localized levels of the Domain Name System than build and maintain an entirely new parallel root server system. It’s an impractical line of attack. Basically, ICANN severing its ties with the U.S. government can’t really make censorship of the internet in China any worse than it already is in China.
Mueller expressed concern about a different point of failure—a financial one. “I think, actually, the biggest risk of something going seriously wrong is just that the money goes away.” The domain name industry is crucial to ICANN’s financial stability, and in an internet increasingly defined by apps and Facebook, domain names may be less relevant. Then again, it doesn’t seem like the industry’s slowing down all that much—according to Verisign, the first quarter of 2016 saw 326.4 million domains registered.
Mostly, when I asked people at ICANN about worst-case scenarios with the transition, they pointed to Ted Cruz’s efforts. The transition not going through—either through a blocking action from this current Congress through some legislative action or Congress just delaying until the next president comes into office—would not only undermine the work that a lot of people have already put into the transition plan, it also would create even further mistrust and frustration among countries like Brazil that continue to be frustrated by US control. Maybe that would be enough to justify a fragmentation of the root zone. Or it could just make it harder for the multistakeholder model to function by undermining trust in the community as a whole, making consensus harder to achieve. Which is kind of to say it could start to look a lot more like the US Congress.
It’s not clear if Congress will really pick up Cruz’s call to action, but opposition to the IANA transition was actually inserted into the Republican Party platform this year. It describes Obama as “[throwing] the internet to the wolves” of Russia, China, and Iran. ICANN’s complexity is part of what makes it an easy target for conservatives to rally around—while their arguments against the transition plan are mostly incoherent, getting to a technically accurate counter-argument requires going deep into tech policy rabbit holes that most people don’t have time to read (she said, checking her word count—if you made it through the last 4,191 words I commend you, reader!). That wonkiness could be a shield that keeps Cruz’s efforts from gaining traction in a distracted media cycle or a liability that makes a mostly tech-averse Congress actually listen to the Texas senator.
These various machinations appear to have the Department of Commerce on notice—on August 31, Commerce sent a letter to ICANN cautioning the organization that it may in fact extend the contract for another year after all.
To be clear: ICANN has about as much control over the internet as Ted Cruz has a grasp on how DNS actually works—which is to say, very little. But the perpetuation of the fiction that ICANN controls the internet is representative of the completely understandable human impulse to try and assign control of the internet to someone or something, particularly in a time where the systems that shape most users’ experience of the internet are increasingly opaque and unaccountable to users.
Saying any one group controls the internet is as absurd as saying who “controls” capitalism or globalization itself. But everyone has their version of control. Silicon Valley billionaires may insist we surrender to the invisible hand of the network, which simply chooses disruption and convenience over accountability and ethics. For the federal government, it’s far easier to accuse the private sector of being in control and thwarting national security than admit that mass surveillance is an expensive and incompetent tactic. For critics (or those who’d prefer that control be in their hands), it would be far simpler to point at a single oligarch or Bohemian Club or ICANN that needs to be overthrown; it might redeem what today at times seems like a fractal trainwreck of an internet, and somehow bring us back to John Perry Barlow’s never-realized promise of an independent cyberspace.
Andrew Sullivan views the absence of control over the internet a bit more optimistically. “People forget that the internet is unlike other technologies in that… there’s literally no center. You can’t take it over, because the network of networks just routes around you when you try to do that.” While he conceded that the purity of a technical design alone can’t overcome the realities of, say, the monopolies of Google and Facebook or the interests of nation-states, he thinks those political realities aren’t pure, fixed truths either. “If you think that the first mover advantage is the thing that gives you the power on the internet, then ask the investors of MySpace how that worked out…[of course] all complex systems produce loci of control that are hard to displace, but it’s also true that they can be displaced if things get bad enough.”
The end of ICANN’s contract with the U.S. government isn’t particularly remarkable for the actual changes it will bring. The success of the transition plan is, arguably, in the fact that for most internet users it will make absolutely no difference in their day-to-day lives. But this transition happens at a moment when, as Robinson Meyer noted in The Atlantic recently, technology has become “just politics”—and yet we still lack clear arenas for holding technology companies and governments using technology politically accountable.
As far as theaters for political compromise go, ICANN is about as imperfect and as ideal as any governance model. But in an era where technology and the internet are no longer niche components of a political agenda but are interwoven into almost all political topics, deciding whether to view that theater as tragedy, farce, or hope mostly depends on the kind of politics and political giants you want the internet to have.
Ingrid Burrington writes and works on a small island off the coast of America. She’s the author of Networks of New York: An Illustrated Field Guide to Urban Internet Infrastructure and an artist in residence at Data and Society Research Institute.